Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-22T14:00:00Z
Updated: 2024-09-16T17:34:16.140Z
Reserved: 2014-07-22T00:00:00Z
Link: CVE-2014-5022
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-07-22T14:55:10.130
Modified: 2014-07-22T19:21:44.377
Link: CVE-2014-5022
Redhat
No data.